| Table of Contents |
|---|
...
Tenable SecurityCenter is an enterprise vulnerability management tool that UCI has purchased to expand our vulnerability management initiative campus-wide. SecurityCenter is being offered as a self-service tool that systems administrators, management and business owners can use to track the vulnerability status of their systems as well as track the mitigation progress.
...
Reporting can be used if you wish to send vunerability snapshots to someone who is not using SecurityCenter dashboards. Reporting can be accessed by going to "Reporting" drop down from the main menu bar. Within the "Reports" area you can choose to add a new report from hundreds of templates, or you can choose to create a custom report. While creating the report you can also choose if you want to run the report on all the systems in your group or just a particular asset or host. Once the report is created it will show in a list under "Reports", you then have an option to "Run" the report, results from the report being run will be placed in "Reporting" -> "Report Results".
Workflow Features
The Workflow section contains options for alerting and ticketing. These functions allow the user to be notified of and properly handle vulnerabilities and events as they come in.
Setup Alerts
SecurityCenter can be configured to perform actions, such as email alerts, for select vulnerability or alert occurrences. To setup an alert navigate from the main menu bar to "Workflow" -> "Alerts". Here you can choose to "Add" a new alert and choose the criteria that you would like to be notified when its met and the action you would like to take place when it occurs.
Alert Example: When more than 10 vulnerabilities are discovered that have an exploit available email me.
View Accept/Recast Risk Rules
From the main menu bar under "Workflow" -> "Accepted Risks" or "Recast Risks" you can view the list of currently created rules or accepted or re-cast risks. This enables useres to obtain information on what particular vulnerabilities or hosts have been declared accepted or re-cast as well as who created the rule and any comments that were put in regarding the rule.